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AMENDMENTS TO THE SPECIFICATION: 

Please delete the paragraph at page 3, lines 9-21 from the application as follows: 

It is also known to d e tect data anomalies in th e form of vulnerabilities in compil e d binary code 
and disassembled binary cod e using hand crafted rul e s to identify potential bugs in th e cod e . The 
rul e s are generatcd - fey human exp e rts in vuln e rability dotootion. For example, in a hand craft e d 
rule Got category, a "SmartRlskAnatyner" product of the @ ot a ko company looks for '^triggers" in 
a computer program writt e n in assembly language code. "Triggers" Qfo calls to functions (such 
as strcpy) known to be vulnerabl e . On finding a trigger, SmartRisk Analyzer traces a data and 
control path back through th e program in order to d e t e rmine possible values of parameters 
compris i ng an argum e nt of the vulnerable or unsaf e function, to see if the function call will be 
^oiln e rnblo during run tim e . So callcd - black box t e sting technologies - ar e more commonly used, -? 
usually ref e rred to as ct fuzaors"; fuzz e rs essentially perform a random search or a brute force 
se ar - eh through a (usually intractably larg e ) spac e of test vootors. They can also bo onhancod by 
hand crafting constraints on the search spaoo'o domain , 

c& & 

Please amend the paragraph beginning at page 3, line 22 as follows: 

As before, the need for human experts to generate rules is undesirable because it is onerous. 
Although human experts may have much experience, it is not feasible for them to learn from all 
possible scenarios. Gaining additional and wider experience takes time and resources. Once a 
rule base is derived, it can be used to identify whether new software applications contain 
potentially exploitable binary code. However, current systems of vulnerability detection have 
rule bases which are typically static, i.e. unchanging over time unless rules are added or edited 
manually. As new vulnerabilities become apparent, such a system needs to be updated by hand 
in order to be able to identify associated 'bugs'. Further deficiencies of a rule-based approach^ 
such as that used by '©Sta k e ? is that it has a limitation on 'semantic depth' that is practical for 
such techniques. A vulnerability having semantics which are sufficiently complex is not likely to 
be detected by such an approach. 
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Please insert the following new paragraph after the paragraph ending on page 34, line 18: 

Data anomalies may be detected in the form of vulnerabilities in compiled binary code and 
disassembled binary code using hand-cr afted rules to identify potential bugs in the code. The 
rules are generated by human experts in vulnerability detection. For examp le, in a han d crafted 
rule set category, a "Sma rtRisk Analyzer" product of the (Slstake company looks for "triggers" in 
a comput er program written in assembly language code. "Triggers" are calls to functions (such 
as strcmft known to be vulnerable. On finding a trigger. Smart Risk Analyzer traces a data and 
control p ath back through the program in order to determine possible values of parameters 
comprising an argument of the vulnerable o r unsafe A motion, to see if the function call will be 
vulnerable during runjime. So-called black-box testing technologies are more cnmmnnly used . 
usually referred to as "fillers"; fib ers essentially perform a random search or a brute force 
search through a (usually intractably larger space of test vectors. Thev can also be enhanced by 
hand crafting constraints on the search space's domain. 
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